In recent years, many computer related companies are pursuing the development of Web service related techniques for automatization of business transactions by using the Internet technology. One of objectives to be attained by Web services is to achieve an improvement in efficiency of electronic commercial transactions among a plurality of company systems. More specifically, a Web service provides a mechanism for realizing cooperation between a plurality of company systems in such a manner that a Web-based application program automatically searches for other related application programs.
“WS-Security” which is a security specification for such a Web service has been made public by International Business Machines Corporation, Microsoft Corporation and VeriSign Incorporated see Hiroshi Maruyama et al., “Web Service Security (WS-Security)”, Apr. 5, 2002, Published by International Business Machines Corporation/Microsoft Corporation/VeriSign Incorporated). In “WS-Security”, a mechanism for realizing single sign-on in a federated computing environment including a plurality of servers among which relationships of mutual trust are established is defined. “Relationship of mutual trust” or “trusting relationship” refers to a relationship among two or more servers such that if authentication of a user in the authentication system of one of the two or more servers succeeds, the user is treated as an authentic user in the other servers. An instance of a specification for the above-mentioned federation has been made public as “WS-Federation” (see Hiroshi Maruyama et al., “Web Service Federation Language (WS-Federation)”, Jul. 8, 2003, Published by International Business Machines Corporation/Microsoft Corporation/VeriSign Incorporated).
In a related art, when a user attempts to utilize a federated computing environment including a plurality of servers, the user performs user authentication by using the authentication system of one of the servers to obtain a security token. The user then puts his/her signature to a SOAP (Simple Object Access Protocol) message including the obtained security token and transmits the SOAP message to some of the servers providing a Web service. The server receiving the SOAP message verifies the security token contained in the SOAP message and sends a service reply to the user in response to a successful result of verification.
If the above-mentioned “WS-security” specification is formally accepted and comes into wide use by being implemented as a product, seamless cooperation between company systems will be accelerated and, for example, a large-scale supply chain system in which a large number of company systems participate will be realized.